Описание
Security update for apache2
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
Список пакетов
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-EC2-HVM
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-SAP-Azure
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-SAP-EC2-HVM
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-SAP-GCE
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-SAPCAL-Azure
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-SAPCAL-EC2-HVM
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
Image SLES15-SP3-SAPCAL-GCE
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
apache2-2.4.43-3.32.1
apache2-prefork-2.4.43-3.32.1
apache2-utils-2.4.43-3.32.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
apache2-event-2.4.43-3.32.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
apache2-devel-2.4.43-3.32.1
apache2-doc-2.4.43-3.32.1
apache2-worker-2.4.43-3.32.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
apache2-devel-2.4.43-3.32.1
apache2-doc-2.4.43-3.32.1
apache2-worker-2.4.43-3.32.1
Ссылки
- Link for SUSE-SU-2021:3522-1
- E-Mail link for SUSE-SU-2021:3522-1
- SUSE Security Ratings
- SUSE Bug 1190666
- SUSE Bug 1190669
- SUSE Bug 1190702
- SUSE Bug 1190703
- SUSE CVE CVE-2021-34798 page
- SUSE CVE CVE-2021-36160 page
- SUSE CVE CVE-2021-39275 page
- SUSE CVE CVE-2021-40438 page
Описание
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.32.1
Ссылки
- CVE-2021-34798
- SUSE Bug 1190669
- SUSE Bug 1191297
Описание
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.32.1
Ссылки
- CVE-2021-36160
- SUSE Bug 1190702
Описание
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.32.1
Ссылки
- CVE-2021-39275
- SUSE Bug 1190666
Описание
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-prefork-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:apache2-utils-2.4.43-3.32.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM:apache2-2.4.43-3.32.1
Ссылки
- CVE-2021-40438
- SUSE Bug 1190703